Checking Bash Vulnerability and Fixing it

There has been a critical vulnerability found in Bash. The vulnerability affects Linux/Unix distributions that use or have Bash installed. For additional information on this vulnerability please visit the following link:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

We advise all our clients to keep their servers & software updated constantly to make sure their servers are at minimal risk of potential vulnerabilities. For this particular vulnerability we recommend reading the following links and taking action as soon as possible:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/articles/1200223

To test if your version of Bash is vulnerable, run the following command:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

You are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.

If you run the above example with the patched version of Bash, you should get an output verifying you are not vulnerable:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

To fix this issue just update your bash by following command:

yum update bash -y

Now check bash again:

$ env x='() ; echo vulnerable' bash -c "echo this is a test"

It should return :

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

OR

this is a test